Check: SOL-11.1-040450
Solaris 11 SPARC STIG:
SOL-11.1-040450
(in versions v2 r10 through v1 r10)
Title
The operating system, upon successful logon, must display to the user the date and time of the last logon (access). (Cat III impact)
Discussion
Users need to be aware of activity that occurs regarding their account. Providing users with information regarding the date and time of their last successful login allows the user to determine if any unauthorized activity has occurred and gives them an opportunity to notify administrators.
Check Content
Determine if last login will be printed for SSH users. # grep PrintLastLog /etc/ssh/sshd_config If PrintLastLog is found, not preceded with a "#" sign, and is set to "no", this is a finding. PrintLastLog should either not exist (defaulting to yes) or exist and be set to yes.
Fix Text
The root role is required for this action. # pfedit /etc/ssh/sshd_config Locate the line containing: PrintLastLog no and place a comment sign ("# ")at the beginning of the line or delete the line # PrintLastLog no Restart the ssh service # pfexec svcadm restart svc:/network/ssh
Additional Identifiers
Rule ID: SV-216362r603267_rule
Vulnerability ID: V-216362
Group Title: SRG-OS-000025
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000052 |
The information system notifies the user, upon successful logon (access) to the system, of the date and time of the last logon (access). |
Controls
Number | Title |
---|---|
AC-9 |
Previous Logon (Access) Notification |